What Should I Do If My Business Is Hacked?

Contrary to popular belief, businesses of any size can be at risk of hacking at any time. The threat of cybercriminals attempting to hack businesses is constant, and it is not uncommon for cybercriminals to steal sensitive information, funds or cause disruption to your operations. You should be taking the necessary steps to ensure your company’s data is well protected at all times.

61% of all data breaches in 2017 occurred in businesses with fewer than 1,000 employees, and cybercrime is rising every year in the UK, exemplifying clearly why ensuring your company is protected should be a top priority.

It is important to note that no matter how good your cybersecurity is, nothing is completely bulletproof. Cybercriminals or “hackers” know how to surpass a variety of different cybersecurity solutions, and it could be the difference between your data being safe or stolen.

Cybersecurity threats are sometimes hard to notice and may even be well-masked, for example in an email perfectly designed to grab the attention and pique the interest of your employees.

It is likely that you have already done everything you can to reduce your risk of a cybersecurity breach, but this does not mean the chances of you getting hacked are 0. In the following guide, we’ve outlined how to react quickly and effectively should you find yourself in a dilemma…

1. Recognise there is a problem, keep calm and take action

Cyber breaches are much more common than most businesses know. The longer a hack is ignored, the larger the chances are that more damage can be done. If you or someone within your company identifies that something isn’t right, you must take action immediately in order to mitigate the risk. It is important to note that, no matter how severe, a cyber breach does not mean the end of your business.

Dealing with a cyber breach in an effective and timely manner ensures your reputation stays intact, and you don’t end up spending your precious time and money attempting to rectify the situation. Although some damage may have already been done, the key is reducing the negative impact it can have on your business.

Depending on the extent of the breach and the person performing it, the hacking may be obvious, but there are also more subtle indicators to look for which could suggest you have had a minor breach, or are in the process of being hacked.

A specialised IT expert would be able to identify more subtle hacker activity as they are familiar with the common indicators and know what they’re looking for. However, everyone should be vigilant and cautious if they come across something that seems out of the ordinary, such as:

  • Reports from colleagues or contacts saying they’ve received some uncharacteristic emails from you containing links or attached files.
  • Not being able to access certain files on your computer or while connected to the company network.
  • Random notifications of login attempts to your accounts from times when you were not using them or locations that you haven’t been to.
  • Changes to sensitive data in your systems, such as changes to financial systems and payment details.
  • Frequent browser or system pop-ups.
  • The redirection of internet searches when you have typed in an address that you know is correct/have been to before.

If you suspect that you have been hacked due to the reasons above or any other reason, the best thing to do is take action quickly. Get the assistance of an IT specialist to help protect you from any further damage, as quickly and seamlessly as possible.

If your company has an internal IT team or an IT support partner, inform them immediately. Reporting the situation as quickly as possible is the first step you should take, ensuring to include as much detail as possible about your experience.

If you do not have access to an IT specialist or an internal team, you will need to find someone to assist you who has the skills and expertise necessary for the job. This is usually known as “cyber attach remediation”, and a quick google search should bring up specialists within your area who will be able to help as soon as possible.

No matter the size or scale of your company, having an IT partner in place before a cyber breach happens will save you time, money and potentially your reputation.

2. Analyse the extent of the breach and remediate

Once you have recruited the help of an IT professional, they will begin scanning and identifying which elements of your network have been compromised and will be able to grasp the scale of the hacking. They may have to lock the system down to prevent a further breach. The best thing to do is to stay calm. This could be a small attack that has only compromised one single device, or it could have spread through to the network.

In recent years, one particular attack has become a lot more common, and is known as ‘ransomware’. This is when a piece of software encrypts files on a PC, laptop, server or any data storage device that it is able to access.

Ransomware is usually used to effectively scramble the data, preventing an end-user from accessing it. This means that you would be unable to access your compromised network, and the hacker may have access to all of your files and sensitive information stored on your devices and the network. You would only be able to access it with a very complex key, which would allow you to unlock the files. In some circumstances, the cybercriminals will request a ransom fee in order to hand over the key and give you access to the files, which would usually be paid in cryptocurrency.

In the event of a ransomware scenario, you generally have the option of “fixing” the problem, which consists of paying the ransom (which is not always a fool-proof option). Or, recovering your data from a previous backup.

In the SOPHOS report (The State of Ransomware 2021), it was found that:

  • 8% of businesses who paid the ransom actually recovered all of their data
  • These businesses recovered no more than 50% of their data after paying
  • After paying the ransom, the average amount of data recovered was 65%

It is clear to see when looking at these statistics that paying the ransom may be the fastest way to potentially recover a portion of your data but is definitely not a quick and easy fix that is guaranteed to work.

If you do decide to forego this route, it is likely that your IT partner will be able to communicate with the cybercriminals on your behalf in order to regain access to as much data as possible.

The other option that you could consider is to recover your data from a backup. Depending on your backup process, this could be an effective option. You have to decide if you are OK (and able to effectively function) when losing data which is anything between 1 hour and 1-week-old, depending on your backup process and how often your data is backed up. If your backup process is not very robust, you may want to consider your options carefully.

If your backup is available, the process of restoring your data should be fairly straightforward for you or your IT specialist/team.

No matter how you decide to take action, there are some next steps that are necessary to consider as soon as you are able to, including…

3. Next steps you need to take

It is a legal requirement within the UK to report any data breaches within 72 hours of identifying an issue that involves the “accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data” thanks to new GDPR laws. This means that you have 3 days from identifying the breach to reporting it.

The ICO are the body that oversees GDPR, and they have a website that includes a large amount of helpful information on what to do if you think you have been hacked. The website also contains a self-assessment form which is a free and easy way to understand if you need to report your possible breach.

The main question you will likely be asked is “what are you doing as a result of the breach?”, which would prompt a detailed plan from you (or your IT specialist) outlining the ways you will be moving forward with increased data protection. You will likely need to provide a plan outlining these steps, which could include an altering of current procedures, heightened cybersecurity software and maybe some additional staff training.

It is important to ask your IT team or specialist if they can locate evidence of how the attack was initiated. This information will be key when moving forward with increased cybersecurity measures and could make you aware of a flaw in your security system, meaning you would be able to prevent it from happening again.

When you report a breach, it is not always guaranteed that you will be fined so long as you have taken the necessary steps to show that you have taken your cybersecurity seriously before the breach, and have a plan to improve it after. Providing as much detailed information on how you plan to ensure this doesn’t happen again in the future will ensure you are looked on more favourably in the future.

If you fail to report the breach, you may face much more serious consequences such as a very large fine or a percentage of your global turnover.

To talk more about how you can adequately prepare your cybersecurity system, talk to us at Synergy-UK on 0114 221 6569.

Continue Reading

What is data encryption? And why it’s vital for businesses? - Synergy IT

What is data encryption? And why it’s vital for businesses?

What is data encryption? And why it's crucial for small businesses? We explain what it is and why improving your Cybersecurity is essential.

Changing IT Provider - Synergy IT

Changing IT Provider

Are you satisfied with your current IT provider, or do you feel like your business could benefit from a change?

How to Protect Yourself from a Phishing Attack - Synergy IT

How to Protect Yourself from a Phishing Attack

We explain Phishing Attacks, and how they work. Learn to prevent them and stay safe online. Top safety tips to keep hackers at bay.

Get started with Synergy

    You must accept the terms of our Privacy Policy to send this form